Caddy+Cloudflare+Serverpilot = too many redirects?

I’m really only running a wordpress installation on a DO droplet: Ubuntu 14.04.4 x64
I downloaded caddy from I did have cloudflare selected as the dns provider.

Here’s what’s in my caddyfile: {
  root public
  basicauth /admin msadmin ms2016andstuffRTW
  errors apps/mysite/log/ms2016_caddy.error.log
  log apps/mysite/log/ms2016_caddy.access.log
  tls {
    dns cloudflare
} {
  root public
  log apps/mysite-wp/log/ms2017_caddy.error.log
  errors apps/mysite-wp/log/ms2017_caddy.error.log

# PHP-FPM with Unix socket
  # fastcgi / /var/run/php/php7.0-fpm.sock php

# PHP-FPM with regular udp socket
  fastcgi / php

# Routing for WordPress
  rewrite / {
    to {path} {path}/ /index.php?{query}
  tls {
    dns cloudflare

If I set cloudflare to DNS only, then I get a bad gateway error.

Doesn’t ServerPilot use nginx+apache? How have you put Caddy into that mix, exactly?

I can’t speak to the Caddy+ServerPilot gateway error - I don’t see anything obvious in your Caddyfile that would result in that issue.

The most likely culprit for the redirect error is a common problem with CloudFlare.

While a CloudFlare-proxied domain has SSL set to “Flexible” in Crypto settings (the default nowadays), if CF receives a request for HTTPS, it will try to contact the origin server via HTTP. Caddy returns a HTTP->HTTPS redirect, and CloudFlare hands that back to the client instead of taking the hint for itself. Since CloudFlare is transparent, the client sees only a redirect from HTTPS to HTTPS and gives up as this is clearly impossible to resolve.

The fix for this is to set SSL to “Full” or “Full (strict)” in the Crypto settings, or disable the reverse proxy for the site in question.


It does in fact, BUT it’s not too, too hard to work out, since there’s a blanket serverpilot user for the apps on the droplet. I put caddy in the /usr/local/bin and added it to the serverpilot users PATH. Then ran caddy from the HOME.

That stopped the redirect error. Thanks!

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.